Microsoft Patches Critical SharePoint RCE Flaw CVE-2026-45659

Microsoft has released security updates addressing a critical remote code execution vulnerability, tracked as CVE-2026-45659, affecting Microsoft SharePoint Server across multiple versions. The flaw carries a CVSS score of 8.8 and is classified as Important severity, stemming from deserialization of untrusted data that could allow an authenticated attacker to execute arbitrary code remotely without requiring administrator privileges. According to Microsoft's advisory, the vulnerability can be exploited by any authenticated attacker with a minimum of Site Member permissions (PR:L), making it a significant risk for organizations running affected SharePoint deployments. The flaw was discovered and responsibly reported by security researcher MEOW.

The vulnerability impacts three SharePoint Server versions: SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. Microsoft strongly recommends that administrators apply the necessary security patches immediately, particularly given SharePoint's history of being targeted by threat actors. The company notes that while CVE-2026-45659 is currently assessed as less likely to be exploited in the wild, the platform has experienced repeated weaponization of similar flaws over the years, making proactive patching essential for maintaining security posture.

This release comes on the heels of another SharePoint vulnerability (CVE-2026-32201, CVSS 6.5) that Microsoft disclosed last month, which was already being actively exploited by malicious actors. Organizations running SharePoint servers should prioritize testing and deploying these updates through their established port scanner and vulnerability management workflows. Administrators can verify their SharePoint deployment's exposure by running comprehensive security assessments to ensure no lingering vulnerabilities remain unpatched in their environments.